Source-of-leakage detectable e-mail address forming, sending and detection

ABSTRACT

Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver&#39;s identifier and a sender&#39;s identifier to a receiver&#39;s mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being only possessed by the mail server, from the receiver&#39;s identifier, the sender&#39;s identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver&#39;s domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address.

BACKGROUND OF THE INVENTION

The present invention relates to a source-of-leakage detectable e-mailaddress forming method, and particularly to a method of the sending andreceiving of an e-mail according to which it is possible to detect asource of leakage of an e-mail using the source-of-leakage detectablee-mail address forming method, and a system using the same.

In recent years, the leakage of personal information has been an issueof public concern. Therefore, the protection of personal information hasbeen clamored for. There are various measures for the protection ofpersonal information, and the detection of a source of leakage has adeterrent effect on personal information flow. The leakage of an e-mailaddress is considered to be caused by wiretapping on a communicationchannel. To counter this, the encryption of a communication channel suchas SSL has been utilized. On the other hand, there is a possibility thatone who has obtained an address leaks it artificially (data creep). Inthis case, it is not possible to prevent a leakage by use of an existingsecurity system such as the encryption of a communication channel. Asone of methods of detecting a source of information leakage, E-mailDyeing is known.

E-mail Dyeing is a system in which a source of e-mail address leakagecan be detected due to the enhancement of a conventional mail system. Itis assumed that the e-mail address of a user A who uses a mail server ofreceiver.com is A@receiver.com, the e-mail address of a user B who usesa mail server of sender.com is B@sender.com, and the e-mail address of auser C who uses a mail server of sender2.com is C@sender2.com. When Aand B make contact, the following addresses are used.

A to B B@sender.com

B to A AB@receiver.com

Similarly, when A makes contact with C,

A to C C@sender2.com

C to A AC@receiver.com

The address used when B or C sends an e-mail to A is called a dyede-mail address. However, A himself/herself is not required to manage thedyed e-mail address such as AB@receiver.com, and A's mail server ofreceiver.com carries out communications by use of a conversion table ofthe following addresses and the dyed addresses according to acommunications contact. TABLE 1 Original e-mail Communications Dyede-mail address address contact AB@receiver.com A@receiver.com BAC@receiver.com A@receiver.com C

When A sends an e-mail, a “From:” field is converted according tohis/her communications contact, thus concealing A's real address. When Areceives an e-mail, an address in a “To:” field is converted into itsoriginal address by use of the conversion table. At this time, if ane-mail is delivered to AC@receiver.com from an unknown address (forexample, except C), it is possible to detect the fact that C leakedAC@receiver.com.

However, if an e-mail address is leaked on a communication channel whilean e-mail is sent by use of E-mail Dyeing, it is not necessarily limitedthat the user B who uses the dyed address leaked the e-mail address.Furthermore, with E-mail Dyeing, in the mail server, when there are Ne-mail addresses and each e-mail address carries out communications withM addresses on average, heap usage which is required for the conversiontable of destination addresses and dyed e-mail addresses is O (NM).Moreover, a lookup is required to be performed on a table of N×M toconvert a dyed e-mail address and a sender. Additionally, E-mail Dyeingcan be realized only in a case where at least A knows B, and there is noprotocol to find A's e-mail address from B's side who does not know A.Hence, for a contact made from B's side, an e-mail address of anexisting mail system is needed to be used. Thus, it is not possible forA to authenticate communications selectively.

SUMMARY OF THE INVENTION

Therefore, to overcome these problems the present invention is toprovide an e-mail address forming method to know with certainty whetheror not an e-mail address was leaked.

The invention is also to provide an e-mail sending system which uses thee-mail address forming method to know with certainty whether or not theuser of an e-mail address leaked the e-mail address.

The invention is also to provide when the leakage was caused by the userof an e-mail address, an e-mail address forming method in which it ispossible to detect who the user is, that is, a source of leakage; or asystem using the method.

The invention is further to provide a method of sending and receiving ane-mail with extremely small computation resources which are used todetect a source of leakage; or a system using the method.

The invention is further to provide a method of sending and receiving ane-mail or a mail system, which is capable of exchanging symmetric e-mailaddresses with which it is possible to mutually request communicationswith the pursuit of responsibility for the leakage of an e-mail address.

The invention is still further to provide a method of sending andreceiving an e-mail; or an e-mail sending system, which hascompatibility with an existing mail system as well as being able todetect a source of leakage.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and theadvantage thereof, reference is now made to the following descriptiontaken in conjunction with the accompanying drawings, in which:

FIG. 1 is a diagram showing an address issuance protocol in a case wherean address is issued from A;

FIG. 2 is a diagram showing an address issuance protocol in a case whereBMS is reliable;

FIG. 3 is a diagram showing an address issuance protocol in a case whereBMS is not reliable;

FIG. 4 is a diagram showing an e-mail sending protocol from B to A in acase where BMS is reliable;

FIG. 5 is a diagram showing an e-mail sending protocol in a case whereBMS is not reliable;

FIG. 6 is a diagram showing a flow chart of a case where B sends A ane-mail when BMS is reliable;

FIG. 7 is a diagram showing an extension protocol in which A issues ane-mail address to B;

FIG. 8 is a diagram showing an extension protocol in which B sends A ane-mail;

FIG. 9 is a diagram showing a case where B leaks alias to C; and

FIG. 10 is a diagram showing an example of a hardware configuration usedfor the present invention.

DETAILED DESCRIPTION OF THE INVENTION:

The present invention provides an e-mail address forming method to knowwith certainty whether or not an e-mail address was leaked. Theinvention also provides an e-mail sending system which uses the e-mailaddress forming method to know with certainty whether or not the user ofan e-mail address leaked the e-mail address. The present invention alsoprovides a solution to determining when leakage was caused by a user ofan e-mail address, and provides an e-mail address forming method inwhich it is possible to detect who the user is, that is, a source ofleakage; and provides a system using the method. The present inventionalso provides a method of sending and receiving an e-mail with extremelysmall computation resources which are used to detect a source ofleakage; and provides a system using the method.

The present invention also provides a method of sending and receiving ane-mail; or a mail system, which is capable of exchanging symmetrice-mail addresses with which it is possible to mutually requestcommunications with the pursuit of responsibility for the leakage of ane-mail address. The present invention also provides a method of sendingand receiving an e-mail; or an e-mail sending system, which hascompatibility with an existing mail system as well as being able todetect a source of leakage.

In an embodiment, the present invention provides an e-mail addressforming method including the steps of: sending a receiver's identifier Aand a sender's identifier B to a receiver's mail server AMS; computing avalue {A, B, N}K which is encrypted by the mail server AMS with a secretkey K, the secret key being possessed by the mail server AMS alone, fromthe receiver's identifier A, the sender's identifier B, and a nonce Nissued by the mail server AMS, and sending the value {A, B, N}K to areceiver; and forming an e-mail address (an LD address) to be used by asender who sends an e-mail to the receiver, by attaching a receiver'sdomain name to the encrypted value {A, B, N}K.

Moreover, an embodiment of the present invention provides an e-mailaddress sending method including the steps of: sending a receiver'sidentifier A and a sender's identifier B to a receiver's mail serverAMS; computing a value {A, B, N}K which is encrypted by the mail serverAMS with a secret key K, the secret key being possessed by the mailserver AMS alone, from the receiver's identifier A, the sender'sidentifier B, and a nonce N issued by the mail server AMS, and sendingthe value {A, B, N}K to a receiver A; forming an e-mail address (an LDaddress) to be used by a sender who sends an e-mail to the receiver, byattaching a receiver's domain name to the encrypted value {A, B, N}K;and sending the formed e-mail address to the sender.

Furthermore, an embodiment of the present invention provides an e-mailsending method including the steps of: disclosing a receiver's publicaddress; sending the public address and a message M_(B) for requesting apermission of communications with the sender to the receiver's mailserver AMS via a sender's mail server BMS; causing the mail server AMSto send M_(B) to the receiver; causing the mail server AMS to receive anaddress issuance permission from the receiver who read the message;computing the value {A, B, N}K which is encrypted by the mail server AMSwith the secret key K of the mail server AMS from the receiver'sidentifier A, the sender's identifier B and the nonce N issued by themail server AMS, thus sending the value {A, B, N}K to the sender via themail server BMS; and forming the e-mail address (the LD address) byattaching the receiver's domain name to the encrypted value {A, B, N}K,thus sending the e-mail to the receiver.

Hereinafter, descriptions will be given of the present invention byexample through particular embodiments. However, the followingembodiments do not limit the present invention covered in the scope ofclaims, and also all of combinations described in the characteristics ofthe embodiments are not necessarily essential for solving means of thepresent invention.

<Definition>

First, terms will be defined as follows. In addition, it is assumed thatall communication channels used in the present invention are encryptedin some way and that a third person can not wiretap on the communicationchannels.

Communications contacts A, B (A is a receiver and B is a sender in eachdrawing)

Mail server used by A AMS(a domain name of receiver.com)

Mail server used by B BMS (a domain name of sender.com)

A's e-mail address A@receiver.com

B's e-mail address B@sender.com

Secret key of a secret-key cryptography of AMS K_(AM)

Nonce N issued by AMS (a nonce indicates a value to be used only oncefor the same purpose.)

Public key of public-key cryptography of AMS K_(AMP)

Public key of public-key cryptography of B_(BP)

“To:” field means a destination address field.

“From:” field means a sender's field.

<Address Forming Method>

An e-mail address used when the sender B sends an e-mail to the receiverA is assumed to be {A, B, N}K_(AM)@receiver.com. A and B, which are usedhere in the address, are identifiers of A and B, respectively. Note that{*}K, which is parenthesized, means that “*” is encrypted with a key K.Hereinafter, an e-mail address formed as described above is referred toas a Leakage Detectable e-mail address. If, here, only user names of Aand B are used and an LD address is formed to be {A,B}K_(AM)@receiver.com, there are high risks to be decrypted. Therefore,a nonce is used to increase the redundancy of an encrypted message. Ifan e-mail is sent from someone other than B by use of this e-mailaddress, AMS (or A) can detect the fact that B leaked the e-mailaddress, since the address itself includes information on B. Moreover, amail system of the present invention using the Leakage Detectable e-mailaddress of the present invention (hereinafter referred to as the LDaddress) is abbreviated to LDMS. Incidentally, a special value used onlyonce, for example, for the date and time of the moment (a timestamp) orsome purpose is used for a nonce.

<Example of Forming an LD Address>

An encryption method to be used for the present invention can beselected from various methods without departing from spirit and scope ofthe present invention. A case of encryption by use of RSA, in whichprime numbers, p=1231 and q=4567, are usedin a public-key cryptography,is cited as an example. In the addresses of 10@receiver.com,11@sender.com and 12@sender.com, LD addresses whose receiver is assumedto be 10@receiver.com are as follows:

4011665@receiver.com based on {1011}_RSA=4011665 (an address which 10receives from 11)

5595442@receiver.com based on {1012}_RSA=5595442 (an address which 10receives from 12)

Here, {*}_RSA means encryption by use of the public-key cipher based onthe prime numbers, p and q. In terms of address formation with a simplerule, such as 1011@receiver.com and 1012@receiver.com which are used forE-mail Dyeing, a conversion rule of an address is extremely easy to bediscovered. When an LD address is formed with encryption, it isdifficult to find out the conversion rule due to the amount ofcomputation. An e-mail address forming system may also be set byrealizing the above address forming method in hardware.

<Address Issuance Protocol>

In the current mail system, it is necessary for B to know A's e-mailaddress to send an e-mail to A. The present invention similarly requiresthat B knows A's LD address to send A an e-mail. However, to achieve anobject of the present invention (the detection of the source ofleakage), an LD address can not be disclosed to an arbitrary person.Therefore, described here is a method of disclosing the LD address onlyto a specific person (a person who is authenticated by A). Moreover, inthe current mail system, it is possible to operate the system bynotifying the specific person alone of the e-mail address, while it isalso possible to operate the system by disclosing the address to anindefinite number of persons. An LD address issuance method of thepresent invention is designed for both operation in order not toundermine the convenience of the current mail system (although thelatter is the case where the address is disclosed to an indefinitenumber of persons, a person to whom the LD address is disclosed isselected from the indefinite number of persons). The e-mail addressissuance method of the present invention allows one to select a personto whom A passes the LD address. In other words, a process in which Aauthenticates B (the person to whom the address is passed) in some formis required. Here, descriptions will be given of two cases including acase where A directly authenticates B and a case where theauthentication is performed by a request from B to A.

Case where A Directly Authenticates B

FIG. 1 shows an address issuance protocol in a case where A issues anaddress. A's identifier (such as the account name of an e-mail address)is set to be A, and B's identifier is set to be B. First, A sends A andB to AMS (110). Next, AMS, which received it, forms an LD address, ({A,B, N}K_(AM)), and then the formed address is returned to A (120). FIG. 1shows a method in which A tells B the LD address by use of a methodother than an e-mail (130). However, it may also be set that AMSnotifies the LD address directly to B. At this time, communicationsbetween A and AMS and between A and B are assumed to be securelyperformed by using methods such as encryption.

Case 1 where Authentication is Performed by R request from B to A

FIG. 2 shows an address issuance protocol in a case where BMS isreliable. In the case of the issuance protocol shown in FIG. 1, it isnecessary for A to know B in advance. Therefore, there are no approachmethods on B's side. When A does not know B, the method of requesting Afor B's own authentication from B's side is required. FIG. 2 shows theissuance protocol to solve this problem. First, A disclosesA_(PUB)@receiver.com (this is referred to as the public LD address)(210). Next, B sends a message M_(B) to request the disclosedA_(PUB)@receiver.com for a permission of communications with B (themessage is sent to AMS through BMS in the drawing) (220). Then, AMS,which received this message, passes M_(B) to A (240). Thereafter, Asends to AMS an issuance permission (decision) of an LD address afterjudging the contents of M_(B) (250). Then, when the decision ispermitted (true), the LD address ({A, B, N}K_(AM)) is sent to B (260,270). Lastly, B sends A an e-mail by using the LD address, ({A, B,N}K_(AM)@receiver.com), from this time onward. At this time, eachcommunication is assumed to be securely performed by use of methods suchas encryption.

Case 2 where Authentication is Performed by a Request from B to A

FIG. 3 shows an address issuance protocol in the case where BMS is notreliable. In the protocol in FIG. 2, since BMS can know the LD address,({A, B, N}K_(AM)), when the LD address is leaked, it becomes impossibleto detect whether the source of leakage of the LD address is BMS orBunder the circumstance where BMS is not reliable. When BMS exists inthe same region of responsibility as B (for example, when both B and BMSare under the control of a company B′.), there arises no problem.However, when the responsibility regions of BMS and B are different fromeach other, for example, when BMS is operated by an Internet serviceprovider (ISP) and B is a user thereof, it is required to detect whichthe source of leakage is. FIG. 3 shows a solution to this problem.Although 310 to 350 in FIG. 3 are the same as 210 to 250 in FIG. 2, theLD address is notified after being encrypted with the public key(K_(BP)) of B when AMS notifies BMS of the LD address (360). Thus, it ispossible to notify B of the LD address (370) without making BMS know themain body of the LD address.

<Protocol for Sending and Receiving an E-Mail>

The LD address for A, {A, B, N}K_(AM)@receiver.com, is assumed to besecurely sent to the sender B in accordance with the foregoing addressissuance protocol. In addition, here, there is a prerequisite that A′smail server AMS does not leak to a third person the LD address, {A, B,N}K_(AM)@receiver.com, and the secret key K_(AM) of A.

Case where BMS is Reliable

The case where BMS is reliable indicates a case where there is no riskof leakage of {A, B, N}K_(AM)@receiver.com from BMS to the third person.FIG. 4 shows a protocol for sending an e-mail from B to A. First, Bsends a message M to BMS by use of the address, {A, B,N}K_(AM)@receiver.com (410). Next, BMS sends the message M to AMS by useof the address, (A, B, N}K_(AM)@receiver.com (420). Lastly, AMS sendsthe message M to A after AMS finds A out based on (A, B, N}K_(AM) by useof the secret key K_(AM) of the secret key cipher (430). In thisprotocol, there is a prerequisite that BMS and AMS do not leak {A, B,N}K_(AM)@receiver.com. Hence, B alone has a possibility to leak theaddress. When B leaks {A, B, N}K_(AM)@receiver.com and an e-mail is sentby use of {A, B, N}K_(AM)@receiver.com, A can detect the source ofleakage of A'sown LD address since AMS decrypts the address to find B,as long as each sender is provided with an LD address different fromeach other.

Case where BMS is not Reliable

FIG. 5 shows an e-mail sending protocol in the case where BMS is notreliable. First, B forms an encrypted LD address, {{A, B, N}K@yAM@z,T}K@yAMP@z@receiver.com, by use of a public key K@yAMP@z andatimestampT, and sends the messageMto BMS by use of the address, {{A, B,N}K@yAM@z, T}K@yAMP@z@receiver.com (510). The address thus formed isreferred to as an encrypted LD address. Next, BMS sends the message M toAMS by use of the address, {{A, B, N}K@yAM@z, T}K@yAMP@z @receiver.com(520). Lastly, AMS sends the message M to A (530) after AMS finds A outbased on {{A, B, N}K@yAM@z, T}K@yAMP@z@receiver.com by use of a publickey K@yAMP@z of AMS, a secret key K@yAM@z of a secret key cipher and asecret key K@yAMS@z of a public key cipher. Note that when the timestampT is earlier than a time in which a validity period L is subtracted fromthe current time (that is, the timestamp is old), AMS does not send themessage M to A. Otherwise, AMS notifies A that the timestamp is old. Inthis protocol, there is a prerequisite that AMS does not leak {A, B,N}K@yAM@z@receiver.com. Therefore, B and BMS alone have a possibility toleak the e-mail address. At this time, although B knows the LD address,{A, B, N}K@yAMP@z@receiver.com, BMS does not know it. BMS can know theencrypted LD address, {{A, B, N}K@yAMP@z, T}K@yAMP@z@receiver.com alone.Hence, the following can be said with regard to the detection of thesource of leakage. A person who can form the encrypted LD address, {{A,B, N}K@yAM@z, T}K@yAMP@z@receiver.com, by use of a fresh timestamp T isonly a person who knows (A, B, N}K@yAM@z. Hence, when an e-mail is sentfrom the third person through the encrypted LD address including a freshtimestamp, B can be detected as the source of leakage. Conversely, whenan e-mail is sent from the third person through the encrypted LD addressincluding an old timestamp, the source of leakage can not be detecteduniquely. This is because a distinction is impossible to be made betweena case where B leaks the LD address and the source of leakage forms theencrypted LD address by using an old timestamp to send an e-mail to Aand a case where BMS leaks the encrypted LD address and the source ofleakage sends A an e-mail by use of the leaked address. In this case,AMS can deal with the case by not sending A such an e-mail (an e-mailwith an old timestamp) or by indicating A that there is a possibility ofleakage. Note that in the case where BMS is reliable, forming theencrypted LD address {{A, B, N}K@yAM@z, T}K@yAMP@z@receiver.com by usingthe timestamp T is, needless to say, also effective.

FIG. 6 shows a flow chart of a case where B sends A an e-mail (when BMSis reliable). First, in Step 610, B sends an e-mail to the addressreceived from A, {A, B, N}k@receiver.com. Next, BMS, which received thee-mail from B to A, sends the e-mail to AMS (its domain name isreceiver.com) in Step 620. Then, in Step 630, AMS, which received thee-mail, decrypts an account part, {A, B, N}k with a key k of AMS, andfinds out A and B. Unless a possibility of the leakage of the e-mailaddress is detected by, for example, comparing a “From” field in thee-mail with B found by the decoding of the account part and then bothare found to be coincident with each other, AMS sends A the e-mail inStep 640 and A receives the e-mail in Step 660. On the other hand, incases such as a case where the “From” field in the e-mail does notcoincide with B found by the decoding of the account part as a result ofcomparison and the possibility of the leakage of the e-mail address isdetected, exceptional processes are performed in Step 650. Theseexceptional processes are to take measures such as not sending A thee-mail by judging it as an e-mail from the third person based on theleaked address, sending A the e-mail together with a warningnotification or disabling A's e-mail address.

Hereinafter, described are embodiments in which the issuance of an LDaddress, the sending and receiving of e-mails by use of the LD addressand an LDMS of the present invention are practically applied.

First Embodiment

<Issuance of LD Address>

If A issues an e-mail address physically directly to B, A first asks B'se-mail address when A tells his/her own contact point to B. Next, thisB′s e-mail address is sent to AMS (via mobile phone e-mail or the like)(110). A formed LD address is returned from AMS (to the mobile phonee-mail or the like) (120). Lastly, A tells this LD address directly to B(130).

If A tells B about his/her contact point via e-mail, B's e-mail addressis first sent to AMS (110) when A tells his/her contact point to B. AMSforms an LD address and sends A the LD address via e-mail (120). Lastly,A sends the LD address via e-mail (at this time, this e-mail isencrypted) (130).

When a public LD address is open to the public on A's own website, Afirst discloses A_(PUB)@receiver.com as a public LD address on his/herown website (210 or 310). B, who saw it, sends to A_(PUB)@receiver.com amessage M_(B) to the effect that B requests A for an LD address (220 and230, or 320 and 330). AMS sends M_(B) to A (240 or 340). Next, A judgeswhether or not to provide B with the LD address based on M_(B), andsends AMS the result of the judgment regarding the issuance of the LDaddress (250 or 350). Lastly, AMS sends the LD address to B via e-mailas well as a message to the effect that this address shall not be leaked(260 and 270, or 360 and 370).

If A tells his/her contact point directly to B, A writesA_(PUB)@receiver.com on his/her own business card, and then provides itto B (210 or 310). Next, B sends an e-mail to A_(PUB)@receiver.com once(220 and 230, or 320 and 330). The remaining steps are the same as theforegoing implementation of disclosure on the website.

Second Embodiment

<Sending and Receiving E-Mail by use of LD Address>

(1) When BMS is reliable, B types an LD address in a “To” field, thussending an e-mail (410 and 420). AMS compares B found by decoding the LDaddress with a value in a “From” field of the e-mail. When they coincidewith each other, AMS judges the e-mail to be an e-mail which was sentfrom an authorized sender, thus sending the message body of the e-mailto A (430). If B and the value of the “From” field do not coincide witheach other, AMS notifies A of the detection of the leakage of the e-mailaddress. In this case, restrictions are imposed on B included in the LDaddress. Moreover, if a third person C types B in a “From” field, thussending the e-mail, AMS can not detect the leakage of the address.However, from the contents of the message, it may be possible for A tojudge the leakage.

(2) When BMS is reliable, B types the LD address in the “To” field, thussending the e-mail (410 and 420). AMS decrypts the LD address, and sendsB included in the LD address, the message and the contents of “From”field, to A (430). A, who received them, confirms from an identifier B,the “From” field, the contents of the message and the like that thise-mail address is not leaked. Given that it is the e-mail from the thirdperson C, it means that B expressed as the identifier B leaked thee-mail address. In this case, no restriction is imposed on theidentifier B included in the LD address. It is sufficient as long as Acan judges from the contents.

(3) When BMS is not reliable, B types the LD address in the “To” fieldand click a “Send” button. At the same time, a mailer obtains a publickey K_(AMP) from AMS to form an encrypted LD address with the currenttime as a timestamp. The “To” field is rewritten into this encrypted LDaddress, thus sending the e-mail to BMS (510). BMS sends AMS the e-mailby use of the encrypted LD address (520). AMS, which received thee-mail, decrypts the encrypted LD address, and checks the timestamp.

(3-1) If the timestamp is later than a time in which a validity period Lis subtracted from the current time (that is, the timestamp is fresh),the LD address is decrypted and is checked from the identifier B whetheror not there is the leakage of the LD address. This check is performedby use of the check method of either above (1) or (2).

(3-2) If the timestamp is earlier than a time in which the validityperiod L is subtracted from the current time (that is, the timestamp isinvalid), the validity period for this address is over and B is notifiedthrough BMS that the message was not delivered to A.

(4) When BMS is not reliable, the same processes are performed till(3-1) in the case of above (3). In the case of above (3-2) where thetimestamp is invalid, the decodings of the encrypted LD address and theLD address are performed, thus checking the leakage of the LD address.This check is performed by use of the check method of either above (1)or (2). Finally, AMS notifies A that there is a possibility of theleakage of the encrypted LD address since the timestamp is invalid.

Third Embodiment

<Measures Against “From” Forgery>

In the current mail system, it is possible to make a “From” field acharacter string which is different from an e-mail address of the actualsender. By using a mail system of the present invention, it is possibleto automatically block an e-mail whose “From” field is rewritten, or toissue a warning against it. The following is the procedure for it.First, an identifier of B (an e-mail sender), which is required to forman LD address, is set to be B's e-mail address (B@sender.com). That is,the LD address to be formed at this point is set to be {A, B,N}k@receiver.com. When A (an e-mail receiver) or AMS decrypts the LDaddress of the e-mail which was sent, the “From” field in the sente-mail and B's identifier (B@sender.com) in the LD address are compared.If they are different from each other, the receipt is rejected or awarning is issued. In this way, for example, when B is infected with avirus and the virus sends an e-mail to A's (LD) address in B's addressbook by fabricating a “From” field, A can avoid receiving this kind ofe-mail. Furthermore, by issuing a warning instead of rejecting thereceipt, it is also possible that a user himself/herself judges whetheror not it is “From” forgery.

Fourth Embodiment

<Use of LD address with mobile phone e-mail>

In an e-mail exchange via mobile phone, various spam e-mails have becomeproblems now. One of them is a case where a spam e-mail is sent to amobile phone e-mail address which was leaked. In this case, a mobilephone e-mail address is converted into an LD address with a protocol ofthe present invention. Therefore, it is possible to detect the source ofleakage just in case the address is leaked and a spam e-mail isdelivered. Moreover, it is possible to reject the receipt of spame-mails by setting this address to reject e-mails without notifyingother senders of the change in address. Another case is a case where theleakage destination of an e-mail address misrepresents a sender by useof a leaked e-mail address when sending a spam e-mail to an arbitrarythird person. For example, his/her own e-mail address is set to be10@receiver.com, the leakage destination is set to be 11@sender.com andan address to which the leakage destination sends a spam e-mail is setto be 12@abc.com, 13@abc.com and the like. At this time, the sender ofthe spam e-mail at the leakage destination misuses the sender's address,for example,

To: 12@abc.com

From: 10@receiver.com.

Thus, 11@sender.com is concealed and the leakage destination provides afalse identity as if the sender were 10@receiver.com. At this time, if12@abc.com is an e-mail address which does not exist, this spam e-mailbecomes an address unknown e-mail. Therefore, 10@receiver.com receivesfrom a mail server a message that this spam e-mail was not delivered. Atthis point, if 10@receiver.com uses an LD address of4011665@receiver.com formed based on {1011}_RSA=4011665, the destinationof address leakage is detected as 11@sender.com. Although it is notpossible to detect whether 11@sender.com is the spam e-mail sender or ismerely the person who leaked the address, it is at least possible todetect that generation of the spam e-mail was caused by the leakage by1@sender.com. Furthermore, there is an advantage to prevent a receiverfrom receiving a returned message of an address unknown e-mail byrejecting the receipt of an e-mail whose “From” field is4011665@receiver.com.

Fifth Embodiment

<Leakage Detection Service for E-Mail Address by ISP>

If an Internet service provider (ISP), which provides an e-mail service,adopts an LDMS in its mail system, it is possible to provide its userswith a service to notify the detection of the leakage of the e-mailaddresses. The following is its method. Here, a mail server of the ISPis assumed to possess a secret key K specific to the server.

When a user A sends an e-mail to a user B, the ISP issues an e-mailaddress of A@ISP.com to the user A, and stores it in the server. Theuser A is required to keep an identifier A secret. When A sends ane-mail to the user B, A types B's e-mail address, B@abc.com, in a “To”field on A's mail client software. However, the mail server of the ISPautomatically rewrites a “From” field into an LD address of {A, B,N}k@ISP.com, and sends the e-mail.

When the user B sends an e-mail to the user A, B sends the e-mail byusing an LD address for A. The server, which received the e-mail,decrypts the LD address by use of K, thus obtaining A's identifier.Then, the server rewrites the “To” field of the e-mail with A@ISP.com. Areceives the e-mail, which was sent from B, from the mail server.

When the e-mail address of the user A is leaked, B leaks A's LD addressto C and C sends a spam e-mail to A by using the leaked address of A.The ISP decrypts the LD address received from C. Thus, the ISP detectsthat the spam e-mail is for A and that the LD address was issued to B.Then, the “From” field of the e-mail received from C and the originalholder of the LD address extracted from the LD address are compared. Ifthey are different from each other, A is warned that there is apossibility that the original holder (B) leaked the LD address.

This service has an advantage over A that A is not required to directlymanage the LD address (such as {A, B, N}k@ISP.com). The server programconverts A's address into an LD address, thus concealing the LD addressfrom A. Therefore, A may use an e-mail address having an ordinaryidentifier in the “To” and “From” fields. In addition, the above workseffectively even in a case where the “From” field is fabricated by aperson other than B. Since the present invention uses encryption for anaddress formation rule, forgery is difficult as long as a secret key isnot leaked. Moreover, the formation of an LD address and the extractionof a true identifier from the LD address can be performed in a constanttime due to the processes of coding and decoding. Furthermore, theamount of memory space required for the processes of coding and decodingis normally as small as to present no problem. Hence, the presentinvention in which both space complexity and time complexity areconstants is greatly suitable for this kind of service.

Sixth Embodiment

<Use with Consideration for General User>

With reference to FIGS. 7 to 9, descriptions will be given of anextension protocol in which a general user is not required to handle anencrypted address. In the use of an LD address, there arises a casewhere complex, encrypted address is handled upon sending and receivinge-mails. If the method described in the section of the embodiment of theISP is used, A (a user who is the destination of an LD address) is notrequired to directly handle the LD address. However, B (a user who sendsA an e-mail by using the LD address) maybe required to directly handle acomplex-looking, encrypted LD address in some cases. The following is amethod of making the appearance of an address similar to that of anordinary e-mail, the address having an actual LD address inside, inconsideration of a general user.

Here, it is set that a user who receives an e-mail (that is, a user whois a destination of an LD address) is A; A's mailer is a receiver'smailer AML; A's mail server is AMS; A's true address issued to A isA@ams.com; a user who sends the e-mail (that is, a user who sends A thee-mail by use of the LD address) is B; B's mailer is BML; B's mailserver is BMS; and B's address is B@bms.com. In addition, at this time,A is assumed to know B's e-mail address (B@bms. com) previously in someway (by using the protocol of an LDMS if B is assumed to use the LDMS).

This method eliminates a necessity for B to directly handle an encryptedcharacter string (an LD address) when the address is conveyed to B basedon a “From” field in a manner that A sends an e-mail to B. Accordingly,an extension to correspond to the system is added to the mailer BML usedby B. On the other hand, other protocols and systems are not required tobe changed.

In the current mail system, there are some fields in a header of ane-mail to be sent. A sender's field (a “From:” field) is one of thefields included the header. The address of an e-mail sender (one whowrote an e-mail in the original meaning) is to be entered here.Therefore, at least when an e-mail is sent from AMS, an encryptedaddress such as {A, B, N}k@ams.com is entered in the “From” field of thee-mail sent by A in the LDMS. If this is sent to B as it is, B is todirectly see this complex address (see the ordinary protocols of FIGS. 1to 5). Therefore, this problem is solved by using a user extension fieldwhich exists in an e-mail header of the current mail system. The userextension field is referred to as the “X-From:” field. (In the currentmail system, the user extension field begins with X-. In addition, theuser extension field can be referred to as X-LDMSFrom in order to avoidan interference with other user extension fields, but still it isreferred to as X-From since X-LDMSFrom is long.) Detailed descriptionswill be given of this extension protocol in the following.

<Extension Protocol>

First, when AMS issues an e-mail account to A, a nickname Q_(A) uniqueto A under AMS, which is an alias of A, is formed other than a realaddress of A@ams.com (a pet name or a by name may also be formedinstead) (701). This Q_(A) can be selected by A unless it interfereswith the other users under AMS. In other words, this Q_(A) is the aliaswhich is set uniquely to A in order not to overlap users under AMS. Itguarantees no occurrence of addresses interference with other usersunder AMS when the contents of “X-From” are registered in BML.

Extension protocol in which A's address is conveyed to B in a mannerthat A sends an e-mail to B

FIG. 7 shows an extension protocol in which A issues an e-mail addressto B. A types B's address, B@bms.com, in a “To:” field of AML and sendsan e-mail (710). At this time, AML sets A@ams.com in the “From:” fieldand sends the e-mail to AMS (720). This is a protocol itself for anordinary mail system. AMS, which received the e-mail, forms an LDaddress of {A, B, N}k@ams.com and rewrites the “From:” field into the LDaddress. Furthermore, AMS generates a user extension field of “X-From:”,and then A's alias of Q_(A)@ams.com is written there. The e-mailcompleted in this way is sent to BMS (730). This protocol is an originalprotocol of the present invention. BMS, which received the e-mail, sendsthe e-mail to B (740). This is the protocol itself for the ordinary mailsystem. BML (750) receives the sent e-mail. Here, if BML (750) isextended for the LDMS, BML interprets the “X-From:” field and creates atable in which the contents of the “X-From:” field is a key and thecontents of the “From:” field (the LD address) is a value (702).Hereinafter, the table created here is referred to as the alias table(the nickname table). The “From:” field of an e-mail header is rewritteninto the contents of the “X-From” field (specifically, the alias ofQ_(A)@ams.com), thus presenting the address to a user (760). Therefore,the user B is not required to directly handle the LD address. When BML(750) is not extended for the LDMS, BML can not interpret the “X-From:”field. Hence, the LD address is presented to the user without beingrewritten as the contents of the “From:” field. However, even a mailerwhich is not extended for an LD address can handle an e-mail having anLD address.

Extension Protocol in which B Sends A an E-Mail

FIG. 8 shows an extension protocol in which B sends A an e-mail. Here,BML is extended for the LDMS, and A's address seems Q_(A)@ams.com to Bdue to the above protocol. In this state, B attempts to send A an e-mailby use of BML. At this time, A's address is assumed to seemQ_(A)@ams.com to B. Therefore, Q_(A)@ams.com is entered in a “To:” fieldin the e-mail edit screen of BML, and B issues a send instruction to BML(810). BML, which received the send instruction, retrieves Q_(A)@ams.comfrom the alias table. Then, its value (that is, the LD address) isoverwritten on the “To:” field, and the e-mail is sent to BMS (820).From this point onward, steps are identical with the protocols of thepresent invention which has heretofore been described.

<Exceptional Processes for Extension Protocol>

In this extension protocol, the alias of Q_(A)@ams.com is newly added asinformation which B can know compared with the time when the LDMS isused ordinarily. However, this Q_(A)@ams.com is information which causesno special problem even if it is leaked, since there exists no usercorresponding to Q_(A)@ams.com even if an e-mail is sent toQ_(A)@ams.com. In addition, if AMS follows the protocol of the LDMS todecrypt Q_(A), Q_(A) is confirmed not to be an LD address since theresult of the decoding has no meaning. Furthermore, if, for example, acertain rule is provided to generate an alias, AMS interprets the ruleand it is made possible to grasp the fact that an e-mail was sent by useof the alias. Therefore, it is possible to determine that this e-mailwas not sent by use of a valid method, that is, not by use of an addressin the ordinary mail system, or not in accordance with the protocol ofthe LDMS. Based on the determination, exceptional processes, such assending an e-mail including a warning or sending an e-mail to an accountfor an audit, can be performed. FIG. 9 shows a case where B leaks thealias to C and C sends A an e-mail by use of A's address which wasnotified from B (902). When an e-mail is sent to AMS from a mail serverCMS of the third person C, AMS attempts to decrypt the e-mail by use ofa key k of Q_(A), but its result is incomprehensible. Here, since AMScan understand Q_(A) of the original account part, based on thisinformation, AMS knows that C is not a valid e-mail sender. Hence, it ispossible to perform the exceptional processes such as sending an e-mailto the account for the audit or sending A an e-mail including a warning(901). For a case where BML is disassembled to obtain the LD address,BML retains the LD address in the alias table. It is conceivable thatthe LD address is not leaked to the outside as it can in a manner thatBML performs the encryption of the table and the like. In case theinformation on this table is leaked to the outside, it is equivalent tothe case where the LD address is leaked when this extension protocol isnot used.

<Coexistence with Ordinary E-Mail>

When BML receives an ordinary e-mail (in a manner that the method of thepresent invention is not used), since there is no “X-From:” field in thereceived e-mail, BML can understand that the e-mail is an ordinarye-mail. In that case, the contents of the “From:” field may or may notbe registered in the alias table as both the key and the value. When ane-mail is sent by use of BML, if there is an entry equivalent to the“From:” field, its value is overwritten on the “To:” field. However, ifthere is no entry equivalent to the “From:” field, the e-mail is sent toBMS while leaving the “To:” field as it is. Moreover, even if the useris an authorized user, it is not possible for the user to send an e-mailby use of Q_(A)@ams.com through a different mailer. In this case, ifthis different mailer is a mailer which corresponds to the LDMS, it ispossible to take measures such as enabling the table to export.

<Example of Configuring Hardware>

FIG. 10 shows an example of a hardware configuration for a mail serverand for a terminal used by a user, the hardware configuration relatingto the embodiments or the applied embodiments. A computer 1000 includes:CPU peripheral parts having a CPU 900 mutually connected with a hostcontroller 910, a RAM 940, a ROM 930 and an I/O controller 920; acommunication interface 950 connected by the I/O controller 920; a harddisk drive 980; a multi combo drive 990 which can read and write adisk-shaped medium 995 such as a CD and a DVD; an FD drive 945 which canread and write a flexible disk 985; a sound controller 960 which drivesa sound input/output device 965; a graphic controller 970 which drives adisplay device 975.

The CPU 900 operates based on programs stored in the ROM 930, BIOS andthe RAM 940, and controls each part. The graphic controller 970 obtainsimage data generated by the CPU 900 and the like on a frame buffer whichis provide in the RAM 940, thus displaying the data on the displaydevice 975. Otherwise, the graphic controller 970 may include the framebuffer therein, which stores pictorial data generated by the CPU 900 andthe like.

The communication interface 950 communicates with an external mailserver, a user terminal, a router and the like via a network. Note thatthe network can be used without changing the configuration of thepresent invention even if the network is connected with a wired orwireless connection, infrared rays, or a short-range wireless connectionsuch as BLUETOOTH. The hard disk drive 980 stores code and data of amailer application, a server program and the like, the code and the databeing used by the computer 1000. The multi combo drive 990 readsprograms or data off the medium 995 such as a CD and a DVD. The programsor the data, which were read off these storage devices, are loaded tothe RAM 940, thus being used by the CPU 900. The medium in which theprogram of the present invention is stored may be supplied from theseexternal storage media or may be supplied by downloading through theinternal hard disk drive 980 or the network.

The program described above may be stored in an external storage medium.As the storage medium, an optical storage medium such as a DVD or a PD,a magneto-optical storage medium such as an MD, a tape medium, asemiconductor memory such as an IC card or the like can be used otherthan a flexible disk 1090 and a CD-ROM 1095. Furthermore, a program maybe captured through the network by using, as a storage device, a harddisk provided in a server system which is connected to a dedicatedcommunication network or the Internet, or a storage device such as aRAM. As understood from the above example of the configuration, hardwarenecessary for the present invention can use any kind of hardware whichhas ordinary computer functions. For example, a mobile terminal, amobile phone terminal, a household electrical appliance having acommunication function, hardware dedicated to sending and receiving ane-mail can be used without any trouble.

As described above, the present invention have been described by use ofthe embodiments. However, a technical scope of the present invention isnot limited to the scope described in the above embodiments. It isobvious to those skilled in the art that various alterations ormodification can be added to the above embodiments. It is obvious fromthe description of the scope of claims of the present invention thataspects added with such alterations and modifications can be included inthe technical scope of the present invention.

According to the present invention, a communication channel to be usedis encrypted in some way, and a third person is precluded fromwiretapping in the middle of the communication channel. Therefore, whenan e-mail address is leaked, an e-mail address-leaking person B isdetectable as long as BMS is reliable. When BMS is not reliable, it isstill possible to trace a source of leakage in identifying B as aleaking person, if the third person sends an e-mail using an encryptedLD address including a fresh timestamp. Further, the use of an encryptedLD address makes it possible to block the direct leakage of the LDaddress from BMS. It is possible, with a timestamp, to distinguishbetween the leakage of an encrypted LD address (leakage from BMS) andthe leakage of an LD address (leakage from B). A user (receiver) has achance to see the LD address, but it is not necessary to record it. Theuser (receiver) has no need to know about the LD address, and in a casewhere an e-mail with the LD address is sent to the user, the user cantreat the e-mail as if an ordinary e-mail has been sent. The amount ofuse of heap in a mail server is allocated only to a secret key used forpublic key cryptosystem of the mail server and to a secret key of apublic key which are to be used for a public-key cipher, and to a secretkey for a secret key cipher. Hence a computer resource can be greatlyminimized. The time required for converting an LD address and a senderis for a decoding cost for a secret key cipher when BMS is reliable, andis for the sum of decoding costs for the public-key cipher and thesecret key cipher, and is scalable, when BMS is not reliable. When anaddress for the transmission of an LD address is provided, A can selecton his/her own judgment whether to make issuing of address to a requestfor an e-mail address (LD address) made by B. Hence, a symmetricexchange of e-mail addresses, that B also requests A to makecommunications using an LD address (an address associated withaccountability for identifying leakage), becomes possible. The presentinvention is advantageous over the conventional technology with respectto three aspects such as space complexity, time complexity, andsecurity.

Although the preferred embodiments of the present invention have beendescribed in detail, it should be understood that various changes,substitutions and alternations can be made therein without departingfrom spirit and scope of the inventions as defined by the appendedclaims. Variations described for the present invention can be realizedin any combination desirable for each particular application. Thusparticular limitations, and/or embodiment enhancements described herein,which may have particular advantages to a particular application neednot be used for all applications. Also, not all limitations need beimplemented in methods, systems and/or apparatus including one or moreconcepts of the present invention. Methods may be implemented as signalmethods employing signals to implement one or more steps. Signalsinclude those emanating from the Internet, etc.

The present invention can be realized in hardware, software, or acombination of hardware and software. A visualization tool according tothe present invention can be realized in a centralized fashion in onecomputer system, or in a distributed fashion where different elementsare spread across several interconnected computer systems. Any kind ofcomputer system—or other apparatus adapted for carrying out the methodsand/or functions described herein—is suitable. Atypical combination ofhardware and software could be a general purpose computer system with acomputer program that, when being loaded and executed, controls thecomputer system such that it carries out the methods described herein.The present invention can also be embedded in a computer programproduct, which comprises all the features enabling the implementation ofthe methods described herein, and which—when loaded in a computersystem—is able to carry out these methods.

Computer program means or computer program in the present contextinclude any expression, in any language, code or notation, of a set ofinstructions intended to cause a system having an information processingcapability to perform a particular function either directly or afterconversion to another language, code or notation, and/or reproduction ina different material form.

Thus the invention includes an article of manufacture which comprises acomputer usable medium having computer readable program code meansembodied therein for causing a function described above. The computerreadable program code means in the article of manufacture comprisescomputer readable program code means for causing a computer to effectthe steps of a method of this invention. Similarly, the presentinvention may be implemented as a computer program product comprising acomputer usable medium having computer readable program code meansembodied therein for causing a a function described above. The computerreadable program code means in the computer program product comprisingcomputer readable program code means for causing a computer to effectone or more functions of this invention. Furthermore, the presentinvention may be implemented as a program storage device readable bymachine, tangibly embodying a program of instructions executable by themachine to perform method steps for causing one or more functions ofthis invention.

It is noted that the foregoing has outlined some of the more pertinentobjects and embodiments of the present invention. This invention may beused for many applications. Thus, although the description is made forparticular arrangements and methods, the intent and concept of theinvention is suitable and applicable to other arrangements andapplications. It will be clear to those skilled in the art thatmodifications to the disclosed embodiments can be effected withoutdeparting from the spirit and scope of the invention. The describedembodiments ought to be construed to be merely illustrative of some ofthe more prominent features and applications of the invention. Otherbeneficial results can be realized by applying the disclosed inventionin a different manner or modifying the invention in ways known to thosefamiliar with the art.

1. An e-mail address forming method, comprising the steps of: sending areceiver's identifier A and a sender's identifier B to a receiver's mailserver AMS; computing a value {A, B, N}K which is encrypted by the mailserver AMS with a secret key K, the secret key K being only possessed bythe mail server AMS, from the receiver's identifier A, the sender'sidentifier B, and a nonce N issued by the mail server AMS, and sendingthe value {A, B, N}K to a receiver; and forming an e-mail address (LDaddress) to be used by a sender who sends an e-mail to a receiver, byattaching a receiver's domain name to the encrypted value {A, B, N}K. 2.An e-mail sending method for a sender to send an e-mail to a receiver,comprising the steps of: sending a receiver's identifier A and asender's identifier B to a receiver's mail server AMS; computing a value{A, B, N}K which is encrypted by the mail server AMS with a secret keyK, the secret key K being only possessed by the mail server AMS, fromthe receiver's identifier A, the sender's identifier B, and a nonce Nissued by the mail server AMS, and sending the value {A, B, N}K to areceiver; forming an e-mail address (LD address) to be used by a senderwho sends an e-mail to a receiver, by attaching a receiver's domain nameto the encrypted value {A, B, N}K; and sending the formed e-mail addressto the sender.
 3. An e-mail sending method, comprising the steps of:disclosing a receiver's public address; sending the public address and amessage M_(B) for requesting a permission of communication with a senderto a receiver's mail server AMS via a sender's mail server BMS; causingthe mail server AMS to send the message M_(B) to a receiver; causing themail server AMS to receive an address issuance permission from thereceiver who received and read the message; computing a value {A, B, N}Kwhich is encrypted by the mail server AMS with a secret key K of themail server AMS from a receiver's identifier A, a sender's identifier B,and a nonce N issued by the mail server AMS, and sending the value {A,B, N}K to the sender via the mail server BMS; and forming an e-mailaddress (LD address) by attaching a receiver's domain name to theencrypted value {A, B, N}K, and sending an e-mail to a receiver.
 4. Ane-mail sending method, comprising the steps of: disclosing a receiver'spublic address; sending the public address and a message M_(B) forrequesting a permission of communication with a sender to a receiver'smail server AMS via a sender's mail server BMS; causing the mail serverAMS to send the message M_(B) to a receiver; causing the mail server AMSto receive an address issuance permission from the receiver who receivedand read the message; and computing a value {{A, B, N}K} K_(BP) which isencrypted by the mail server AMS with a secret key K of the mail serverAMS and is further encrypted with a sender's public key K_(BP) from areceiver's identifier A, a sender's identifier B, and a nonce N issuedby the mail server AMS, and sending the value {{A, B, N}K} K_(BP) to thesender via the mail server BMS.
 5. An e-mail sending method, comprisingthe steps of: in a condition where a sender knows a receiver's e-mailaddress (LD address) with a receiver's domain name attached to a value{A, B, N}K which is encrypted by a mail server AMS with a secret key K,the secret key K being only possessed by the mail server AMS, from areceiver's identifier A, a sender's identifier B, and a nonce N issuedby the mail server AMS, causing a mail server BMS to receive the e-mailaddress and a message M from a sender; causing the mail server BMS tosend the e-mail address and the message M to the mail server AMS; andcausing the mail server AMS to identify a receiver from the e-mailaddress using a secret key Kin, and to send the message M to thereceiver.
 6. An e-mail sending method comprising the steps of: in acondition where a sender knows a receiver's e-mail address (LD address)with a receiver's domain name attached to a value {A, B, N}K which isencrypted by a mail server AMS with a secret key K, the secret key Kbeing only possessed by the mail server AMS, from a receiver'sidentifier A, a sender's identifier B, and a nonce N issued by the mailserver AMS, forming an e-mail address with a receiver's domain nameattached to a value {{A, B, N}K_(AM), T}K_(AMP) which is encrypted witha receiver's public key from the encrypted value {A, B, N}K and atimestamp T, and sending a message M; causing the mail server BMS tosend a message M to the mail server AMS using the e-mail address; andcausing the mail server AMS to identify a receiver using a public keyK_(AMP), a secret key K_(AM), and a secret key K_(AMS) of the mailserver AMS and to send a message M to the receiver.
 7. The methodaccording to claim 6, when the timestamp T is earlier than a time inwhich a validity period L is subtracted from a current time, furthercomprising at least one step taken from a group of steps consisting of:precluding the message M from being sent to the receiver; or notifyingthe receiver that the timestamp is old.
 8. An e-mail sending method,comprising the steps of: causing a receiver's mailer AML to set areceiver's e-mail address in a sender's field and to send an e-mail to amail server AMS, in response to inputting of a sender's address in adestination field of the receiver's mailer AML; generating an e-mailaddress (LD address) with a receiver's domain name attached to a value{A, B, N}K which is encrypted by a mail server AMS with a secret key K,the secret key K being only possessed by the mail server AMS, from areceiver's identifier A, a sender's identifier B, and a nonce N issuedby the mail server AMS, and rewriting the sender's field to be filled inwith the LD address; causing the mail server AMS, in response to any oneof creating of a user extension field by a mail server AMS and creatingof a user extension field by a receiver, to write a receiver's alias inthe user extension field; causing the mail server AMS to send an e-mailhaving the user extension field to a mail server BMS; causing the mailserver BMS to send an e-mail to a sender; causing a sender's mailer BMLto receive the sent e-mail; causing the sender's mailer BML to recognizethe user extension field, and to create a table having the contents ofthe user extension field regarded as a key and the contents of thesender's field regarded as a value; and causing the sender's mailer BMLto rewrite the sender's field to be filled in with the contents of theuser extension field, and to show the rewritten contents to a user. 9.The method according to claim 8, upon sending an e-mail from the senderto the receiver, further comprising the steps of: finding a valuecorresponding to the receiver'se-mail address, which is inputted in thedestination field, with reference to the table; overwriting the value onthe destination field; and sending the e-mail to the mail server BMS.10. The method according to claim 2, further comprising the steps of:sending an e-mail to the receiver from a third person by use of the LDaddress of which the sender notified the receiver; causing a mail serverCMS of the third person to send the e-mail to the mail server AMS;causing the mail server AMS to decrypt an account part of the e-mail;and determining whether or not information in the sender's field of thee-mail coincides with information obtained due to the decoding bycomparing both of the information.
 11. The method according to claim 10,further comprising any one of the steps of: when a result of thecomparison is not coincident, and then the third person is determinednot to be an authorized e-mail sender, disabling the LD address;precluding the e-mail from being sent to the receiver; and issuing awarning notification to the receiver.
 12. An e-mail address formingsystem comprising: means for sending a receiver's identifier A and asender's identifier B to a receiver's mail server AMS; means forcomputing a value {A, B, N}K which is encrypted by the mail server AMSwith a secret key K, the secret key K being only possessed by the mailserver AMS, from the receiver's identifier A, the sender's identifier B,and a nonce N issued by the mail server AMS, and for sending the value{A, B, N}K to a receiver; and means for forming an e-mail address (LDaddress) to be used by a sender who sends an e-mail to a receiver, byattaching a receiver's domain name to the encrypted value {A, B, N}K.13. A mail system for sending an e-mail from a sender to a receiver,comprising: means for sending a receiver's identifier A and a sender'sidentifier B to a receiver's mail server AMS; means for computing avalue {A, B, N}K which is encrypted by the mail server AMS with a secretkey K, the secret key K being only possessed by the mail server AMS,from the receiver's identifier A, the sender's identifier B, and a nonceN issued by the mail server AMS, and for sending the value {A, B, N}K toa receiver; means for forming an e-mail address (LD address) to be usedby a sender who sends an e-mail to a receiver, by attaching a receiver'sdomain name to the encrypted value {A, B, N}K; and means for sending theformed e-mail address to the sender.
 14. A mail system comprising: meansfor disclosing a receiver's public address; means for sending the publicaddress and a message M_(B) for requesting a permission of communicationwith a sender to a receiver's mail server AMS via a sender's mail serverBMS; means for causing the mail server AMS to send the message M_(B) toa receiver; means for causing the mail server AMS to receive an addressissuance permission from the receiver who received and read the message;means for computing a value {A, B, N}K which is encrypted by the mailserver AMS with a secret key K of the mail server AMS from a receiver'sidentifier A, a sender's identifier B, and a nonce N issued by the mailserver AMS, and for sending the value {A, B, N}K to the sender via themail server BMS; and means for forming an email address (LD address) byattaching a receiver's domain name to the encrypted value {A, B, N}K,and for sending an e-mail to a receiver.
 15. A mail system comprising:means for disclosing a receiver's public address; means for sending thepublic address and a message M_(B) for requesting a permission ofcommunication with a sender to a receiver's mail server AMS via asender's mail server BMS; means for causing the mail server AMS to sendthe message M_(B) to a receiver; means for causing the mail server AMSto receive an address issuance permission from the receiver who receivedand read the message; and means for computing a value {{A, B, N}K}K_(BP) which is encrypted by the mail server AMS with a secret key K ofthe mail server AMS and is further encrypted with a sender's public keyK_(BP) from a receiver's identifier A, a sender's identifier B, and anonce N issued by the mail server AMS, and for sending the value {{A, B,N}K} K_(BP) to the sender via the mail server BMS.
 16. A mail systemcomprising: in a condition where a sender knows a receiver's e-mailaddress (LD address) with a receiver's domain name attached to a value{A, B, N}K which is encrypted by a mail server AMS with a secret key K,the secret key K being only possessed by the mail server AMS, from areceiver's identifier A, a sender's identifier B, and a nonce N issuedby the mail server AMS, means for causing a mail server BMS to receivethe e-mail address and a message M from a sender; means for causing themail server BMS to send the e-mail address and the message M to the mailserver AMS; and means for causing the mail server AMS to identify areceiver from the e-mail address using a secret key K_(AM), and to sendthe message M to the receiver.
 17. A mail system comprising: in acondition where a sender knows a receiver's e-mail address (LD address)with a receiver's domain name attached to a value {A, B, N}K which isencrypted by a mail server AMS with a secret key K, the secret key Kbeing only possessed by the mail server AMS, from a receiver'sidentifier A, a sender's identifier B, and a nonce N issued by the mailserver AMS, means for forming an e-mail address with a receiver's domainname attached to a value {{A, B, N}K_(AM), T}K_(AMP) which is encryptedwith a receiver's public key from the encrypted value {A, B, N}K and atimestamp T, and for sending a message M; means for causing the mailserver BMS to send a message M to the mail server AMS using the e-mailaddress; and means for causing the mail server AMS to identify areceiver using a public key K_(AMP), a secret key K_(AM), and a secretkey K_(AMS) of the mail server AMS and to send a message M to thereceiver.
 18. The system according to claim 17, when the timestamp T isearlier than a time in which a validity period L is subtracted from acurrent time, further comprising at least one step taken from a group ofsteps consisting of: precluding the message M from being sent to thereceiver; or notifying the receiver that the timestamp is old.
 19. Amail system comprising: means for causing a receiver's mailer AML to seta receiver's e-mail address in a sender's field and to send an e-mail toa mail server AMS in response to inputting of a sender's address in adestination field of the receiver's mailer AML; means for generating ane-mail address (LD address) with a receiver's domain name attached to avalue {A, B, N}K which is encrypted by a mail server AMS with a secretkey K, the secret key K being only possessed by the mail server AMS,from a receiver's identifier A, a sender's identifier B, and a nonce Nissued by the mail server AMS, and for rewriting the sender's field tobe filled in with the LD address; means for causing the mail server AMS,in response to any one of creating of a user extension field by a mailserver AMS and creating of a user extension field by a receiver, towrite a receiver's alias in the user extension field; means for causingthe mail server AMS to send an e-mail having the user extension field toa mail server BMS; means for causing the mail server BMS to send ane-mail to a sender; means for causing a sender's mailer BML to receivethe e-mail having been sent; means for causing the sender's mailer BMLto recognize the user extension field, and to create a table having thecontents of the user extension field regarded as a key and the contentsof the sender's field regarded as a value; and means for causing thesender's mailer BML to rewrite the sender's field to be filled in withthe contents of the user extension field, and to show the rewrittencontents to a user.
 20. The system according to claim 19, when the mailsystem sends an e-mail from the sender to the receiver, furthercomprising the steps of: finding a value corresponding to the receiver'se-mail address, which is inputted in the destination field, withreference to the table; overwriting the value on the destination field;and sending the e-mail to the mail server BMS.
 21. The system accordingto claim 12, further comprising: means for sending an e-mail to thereceiver from a third person by use of the LD address of the receiverwhich the sender notified the third person; means for sending the e-mailto the mail server AMS from a mail server CMS of the third person; meansfor decoding an account part of the e-mail by use of the mail serverAMS; and means for determining whether or not information in thesender's field of the e-mail coincides with information obtained due tothe decoding by comparing both of the information.
 22. The systemaccording to claim 21, further comprising: means for disabling the LDaddress, precluding the e-mail from being sent to the receiver, orissuing a warning notification to the receiver when a result of thecomparison is not coincident, and then the third person is determinednot to be an authorized e-mail sender.
 23. An article of manufacturecomprising a computer usable medium having computer readable programcode means embodied therein for causing formation of an e-mail address,the computer readable program code means in said article of manufacturecomprising computer readable program code means for causing a computerto effect the steps of claim
 1. 24. A program storage device readable bymachine, tangibly embodying a program of instructions executable by themachine to perform method steps for sending e-mail, said method stepscomprising the steps of claim
 2. 25. A computer program productcomprising a computer usable medium having computer readable programcode means embodied therein for causing functions of an e-mail addressforming system, the computer readable program code means in saidcomputer program product comprising computer readable program code meansfor causing a computer to effect the functions of claim
 12. 26. Acomputer program product comprising a computer usable medium havingcomputer readable program code means embodied therein for causingfunctions of a mail system for sending an e-mail from a sender to areceiver, the computer readable program code means in said computerprogram product comprising computer readable program code means forcausing a computer to effect the functions of claim 13.